The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Computer vulnerabilities of Grafana

Grafana: information disclosure via /var/lib/grafana
An attacker can read /var/lib/grafana on a Grafana host, in order to obtain sensitive information...
8283, CVE-2020-12458, CVE-2020-12459, FEDORA-2020-c6b0c7ebbb, FEDORA-2020-d109a1d1d9, VIGILANCE-VUL-32155
Grafana: Cross Site Scripting
An attacker can trigger a Cross Site Scripting of Grafana, in order to run JavaScript code in the context of the web site...
CVE-2020-12052, CVE-2020-12245, openSUSE-SU-2020:0892-1, VIGILANCE-VUL-32105
Grafana: Cross Site Scripting via Column Link
An attacker can trigger a Cross Site Scripting via Column Link of Grafana, in order to run JavaScript code in the context of the web site...
VIGILANCE-VUL-31440
Grafana: denial of service via HTTP API
An attacker can trigger a fatal error via HTTP API of Grafana, in order to trigger a denial of service...
CVE-2019-15043, FEDORA-2019-0bb6b876da, FEDORA-2019-77d612eab4, openSUSE-SU-2020:0892-1, RHSA-2020:1659-01, VIGILANCE-VUL-30211
Grafana: privilege escalation via CSV Formula Injection
An attacker can bypass restrictions via CSV Formula Injection of Grafana, in order to escalate his privileges...
VIGILANCE-VUL-29478
jQuery, Symfony: Cross Site Scripting via templates
An attacker can trigger a Cross Site Scripting via templates for Symfony, in order to run JavaScript code in the context of the web site...
bulletinoct2019, CERTFR-2019-AVI-180, cpujan2020, cpuoct2019, CVE-2019-10909, CVE-2019-11358, DLA-1777-1, DLA-1777-2, DLA-1778-1, DLA-1797-1, DLA-2118-1, DRUPAL-SA-CORE-2019-005, DRUPAL-SA-CORE-2019-006, DSA-4434-1, DSA-4441-1, FEDORA-2019-2a7f472198, FEDORA-2019-32067d8b15, FEDORA-2019-3ee6a7adf2, FEDORA-2019-a3ca65028c, FEDORA-2019-f8db687840, ibm10882578, ibm10882596, ibm10882756, ibm10882762, ibm10882952, ibm10882956, openSUSE-SU-2019:1839-1, openSUSE-SU-2019:1872-1, RHSA-2019:1456-01, Synology-SA-19:19, TYPO3-CORE-SA-2019-009, TYPO3-CORE-SA-2019-010, TYPO3-CORE-SA-2019-011, TYPO3-CORE-SA-2019-012, TYPO3-CORE-SA-2019-013, TYPO3-PSA-2019-004, TYPO3-PSA-2019-005, TYPO3-PSA-2019-006, VIGILANCE-VUL-29070
Grafana: privilege escalation via Org-Admin/Alerting Pages
An attacker can bypass restrictions via Org-Admin/Alerting Pages of Grafana, in order to escalate his privileges...
VIGILANCE-VUL-28688
Grafana: code execution via go-macaroon
An attacker can use a vulnerability via go-macaroon of Grafana, in order to run code...
5469, VIGILANCE-VUL-27939
Grafana: file reading via Text Panels
A local attacker can read a file via Text Panels of Grafana, in order to obtain sensitive information...
CVE-2018-19039, VIGILANCE-VUL-27790
Grafana: Cross Site Scripting via Query Editor
An attacker can trigger a Cross Site Scripting via Query Editor of Grafana, in order to run JavaScript code in the context of the web site...
13667, CVE-2018-1000816, VIGILANCE-VUL-27610
Our database contains other pages. You can request a free trial to read them.

Display information about Grafana: